By EditorDavid from Slashdot's adult-password-finder department
"Almost every account password was cracked, thanks to the company's poor security practices," reports ZDNet -- even for "deleted" accounts. An anonymous reader quotes their article:
The hack includes 339 million accounts from AdultFriendFinder.com, which the company describes as the "world's largest sex and swinger community" [and] also includes over 15 million "deleted" accounts that weren't purged from the databases. On top of that, 62 million accounts from Cams.com, and 7 million from Penthouse.com were stolen, as well as a few million from other smaller properties owned by the company. The data accounts for two decades' worth of data from the company's largest sites, according to breach notification LeakedSource, which obtained the data... The three largest sites' SQL databases included usernames, email addresses, and the date of the last visit, and passwords, which were either stored in plaintext or scrambled with the SHA-1 hash function, which by modern standards isn't cryptographically as secure as newer algorithms.
The attack apparently coincides with the discovery of "a local file inclusion flaw on the AdultFriendFinder site, which if successfully exploited could allow an attacker to remotely run malicious code on the web server." Ironically, Friend Finder Networks doesn't even own Penthouse.com anymore. They sold the site to a new owner last February.
By EditorDavid from Slashdot's expired-playback-patents department
Long-time Slashdot reader jrincayc shares news from Red Hat's Fedora Engineering Manager, Tom Callaway. On the Fedora-legal mailing list, Callaway announced:
Red Hat has determined that it is now acceptable for Fedora to include MP3 decoding functionality (not specific to any implementation, or binding by any unseen agreement). Encoding functionality is not permitted at this time.
And the same day Christian Schaller announced on the Gnome blog that mp3 playback would be supported in Fedora Workstation 25.
You should be able to download the mp3 plugin on Day 1 through GNOME Software or through the missing codec installer in various GStreamer applications. For Fedora Workstation 26 I would not be surprised if we decide to ship it on the install media.
He added, "I know this has been a big wishlist item for a long time for a lot of people..."
By EditorDavid from Slashdot's 20-year-old-languages department
An anonymous reader quotes InfoWorld:
Sun Microsystems officially open-sourced Java on November 13, 2006... "The source code for Java was available to all from the first day it was released in 1995," says [Java creator James] Gosling, who is now chief architect at Liquid Robotics. "What we wanted out of that was for the community to help with security analysis, bug reporting, performance enhancement, understanding corner cases, and a whole lot more. It was very successful." Java's original license, Gosling says, allowed people to use the source code internally but not redistribute. "It wasn't 'open' enough for the 'open source' crowd," he says... While Gosling has taken Oracle to task for its handling of Java at times, he sees the open-sourcing as beneficial. "It's one of the most heavily scrutinized and solid bodies of software you'll find. Community participation was vitally important..."
A former Oracle Java evangelist, however, sees the open source move as watered down. "Sun didn't open-source Java per se," says Reza Rahman, who has led a recent protest against Oracle's handling of enterprise Java. "What they did was to open-source the JDK under a modified GPL license. In particular, the Java SE and Java EE TCKs [Technology Compatibility Kits] remain closed source."
Rahman adds that "Without open-sourcing the JDK, I don't think Java would be where it is today."
By EditorDavid from Slashdot's looking-for-bad-hombres department
An anonymous reader reports that Donald Trump's upcoming presidency raises a few concerns for the security industry:
"Some of his statements that industry professionals find troubling are his calls for 'closing parts of the Internet', his support for mass surveillance, and demands that Apple should have helped the FBI break the encrypted communications of the San Bernardino shooter's iPhone," writes SC Magazine. One digital rights activist even used Trump's surprise victory as an opportunity to suggest President Obama begin "declassifying and dismantling as much of the federal government's unaccountable, secretive, mass surveillance state as he can -- before Trump is the one running it... he has made it very clear exactly how he would use such powers: to target Muslims, immigrant families, marginalized communities, political dissidents, and journalists."
Edward Snowden's lawyer says "I think many Americans are waking up to the fact we have created a presidency that is too powerful," and the Verge adds that Pinboard CEO Maciej Ceglowski is now urging tech sites to stop collecting so much data. "According to Ceglowski, the only sane response to a Trump presidency was to get rid of as much stored user data as possible. 'If you work at Google or Facebook,' he wrote on Pinboard's Twitter account, 'please start a meaningful internal conversation about giving people tools to scrub their behavioral data.'"
Could a Trump presidency ultimately lead to a massive public backlash against government surveillance?
By EditorDavid from Slashdot's at-the-movies department
The new movie "Arrival" depicts first contact with aliens, and its producers faced the question of how interstellar spacecraft would actually work. They turned to futurist Stephen Wolfram, who came up with an answer overnight, and also tasked his son with writing much of the computer code seen on displays in the movie. Slashdot reader mirandakatz brings us Wolfram's story:
Christopher was well aware that code shown in movies often doesn't make sense (a favorite, regardless of context, seems to be the source code for nmap.c in Linux). But he wanted to create code that would make sense, and would actually do the analyses that would be going on in the movie... For instance, there's a nice shot of rearranging alien "handwriting," in which one sees a Wolfram Language notebook with rather elegant Wolfram Language code in it. And, yes, those lines of code actually do the transformation that's in the notebook. It's real stuff, with real computations being done...
For the movie, I wanted to have a particular theory for interstellar travel. And who knows, maybe one day in the distant future it'll turn out to be correct. But as of now, we certainly don't know. In fact, for all we know, there's just some simple "hack" in existing physics that'll immediately make interstellar travel possible.
Wolfram's theory posited that space is just one of the attributes emerging from a low-level network of nodes, where long-range connections occasionally break out of three-dimensional space altogether. His 6,900-word essay (originally published on his blog) also suggests film-making has "some structural similarities" with software development -- and grapples with the question of how we'd actually communicate with aliens once they've arrived.
By EditorDavid from Slashdot's courting-disaster department
"America's children have officially won the right to sue their government over global warming," reports Motherboard. An anonymous reader quotes their article:
Thursday, a lawsuit filed by 21 youth plaintiffs was ruled valid by U.S. District Judge Ann Aiken in Eugene, Oregon. A group of citizens, whose ages range from nine to twenty, charged President Obama, the fossil fuel industry, and other federal agencies with violating their constitutional rights by declining to take action against climate change. "Federal courts too often have been cautious and overly deferential in the arena of environmental law, and the world has suffered for it," wrote Judge Aiken in her ruling. [PDF]
Several groups -- including the U.S. government and the American Petroleum Institute -- had asked the judge to throw out the case, but the judge ruled instead that climate change would "threaten plaintiffs' fundamental constitutional rights to life and liberty," calling man-made climate change an "undisputed" fact. In a related story, Slashdot reader devinp shares a new study which suggests "Global changes in temperature due to human-induced climate change have already impacted every aspect of life on Earth from genes to entire ecosystems, with increasingly unpredictable consequences for humans."
By EditorDavid from Slashdot's ethernet-adapting department
Does Ethernet need new features like "stream reservation" and time synchronization to make sure time-sensitive data isn't delayed on the network? coondoggie quotes Network World:
The demand from Internet of Things, automotive networking and video applications is driving changes to Ethernet technology that will make it more time-sensitive. Key to those changes are a number of developing standards but also a push this week from the University of New Hampshire InterOperability Laboratory to set up three new industry-specific Ethernet Time-Sensitive Networking consortiums -- Automotive Networking, Industrial Networking, and ProAV Networking aimed at developing deterministic performance within standard Ethernet for real-time, mission critical applications. "Standards-based precise time, guaranteed bandwidth, and guaranteed worst-case latency in a converged Ethernet network is a game-changer to many industries," said Bob Noseworthy, Chief Engineer, UNH-IOL.
The article also acknowledges the work of the Avnu Alliance, which is also trying to build an ecosystem of "low-latency, time-synchronized, highly reliable synchronized networked devices using open standards through certification."
By EditorDavid from Slashdot's desolation-of-debugging department
InfoWorld has identified "seven of the gnarliest corners of the programming world," which Slashdot reader snydeq describes as "worthy of large markers reading, 'Here be dragons.'" Some examples:
Multithreading. "It sounded like a good idea," according to the article, but it just leads to a myriad of thread-managing tools, and "When they don't work, it's pure chaos. The data doesn't make sense. The columns don't add up. Money disappears from accounts with a poof. It's all bits in memory. And good luck trying to pin down any of it..."
NP-complete problems. "Everyone runs with fear from these problems because they're the perfect example of one of the biggest bogeymen in Silicon Valley: algorithms that won't scale."
The other dangerous corners include closures, security, encryption, and identity management, as well as that moment "when the machine runs out of RAM." What else needs to be on a definitive list of the most dangerous "gotchas" in professional programming?
By EditorDavid from Slashdot's trading-futures department
Slashdot reader whoever57 writes:
Navinder Sarao, the British trader who was accused of causing the "flash crash" in 2010 and was extradited to the U.S. this week, has pleaded guilty to one count of wire fraud and one count of spoofing. No details of the plea deal have been released, but it's believed that he's agreed to forfeit $13 million. Several years of jail time are also expected for Mr. Sarao.
From the Telegraph:
Sarao, a 37-year-old working out of a modest suburban home in Hounslow in west London, allegedly made tens of millions of dollars with a computer program that could automatically manipulate prices... "Navinder Sarao abused sophisticated technology to make a quick profit, and jeopardised the integrity of US financial markets," said Assistant Attorney General Leslie Caldwell.
Sentencing guidelines suggest he'll spend at least six and a half years in prison, though he faced a maximum possible sentence of 30 years and still faces the possibility of $38 million in sanctions.
By EditorDavid from Slashdot's lost-luggage department
Although the U.S. government "does not believe the bomb contains active nuclear material," schwit1 shares this report from the BBC:
A commercial diver may have discovered a lost decommissioned U.S. nuclear bomb off the coast of Canada. Sean Smyrichinsky was diving for sea cucumbers near British Columbia when he discovered a large metal device that looked a bit like a flying saucer. The Canadian Department of National Defence believes it could be a "lost nuke" from a US B-36 bomber that crashed in the area in 1950.... The plane was on a secret mission to simulate a nuclear strike and had a real Mark IV nuclear bomb on board to see if it could carry the payload required...
The American military says the bomb was filled with lead, uranium and TNT but no plutonium, so it wasn't capable of a nuclear explosion... Several hours into its flight, its engines caught fire and the crew had to parachute to safety... The crew put the plane on autopilot and set it to crash in the middle of the ocean, but three years later, its wreckage was found hundreds of kilometers inland.
The crew says they dumped their bomb-like cargo into the ocean first to avoid a detonation on land.
By EditorDavid from Slashdot's begging-your-pardon department
"President Obama has a political moment to pardon Manning & Snowden," WikiLeaks tweeted on Friday, adding "If not, he hands a Trump presidency the freedom to take his prize." And a new online petition is also calling for a pardon of WikiLeaks founder Julian Assange, saying Assange is "a hero and must be honoured as such," attracting over 10,000 supporters in just a few days. An anonymous reader writes:
Monday WikiLeaks also announced, "irrespective of the outcome of the 2016 U.S. Presidential election, the real victor is the U.S. public which is better informed as a result of our work." Addressing complaints that they specifically targeted Hillary Clinton's campaign, the group said "To date, we have not received information on Donald Trump's campaign, or Jill Stein's campaign, or Gary Johnson's campaign or any of the other candidates that fulfills our stated editorial criteria." But they also objected to the way their supporters were portrayed during the U.S. election, arguing that Trump and others "were painted with a broad, red brush. The Clinton campaign, when they were not spreading obvious untruths, pointed to unnamed sources or to speculative and vague statements from the intelligence community to suggest a nefarious allegiance with Russia. The campaign was unable to invoke evidence about our publications -- because none exists."
Thursday a WikiLeaks representative expressed surprise that, despite the end of the U.S. election, Julian Assange's internet connection in the Ecuadorean Embassy in London has not yet been restored.